import, export, delete and generate keys

css/default.css

@@ -185,6 +185,10 @@ h1.oben {
 	color: #ffcc00;
 	} 
 
+table.gnupg_keys td {
+	padding-right: 10px;
+	}
+
 table.subscribers {
 	border-width: 0;
 	margin: 0;

ezmlm-web.cgi

@@ -239,6 +239,19 @@ elsif ($action eq '' || $action eq 'list_select') {
 		$error = 'ParameterMissing';
 		$pagename = 'list_select';
 	}
+} elsif ($action eq 'gnupg_export') {
+	if (defined($q->param('list')) && defined($q->param('gnupg_keyid'))) {
+		if (&gnupg_export_key($q->param('list'), $q->param('gnupg_keyid'))) {
+			exit 0;
+		} else {
+			$warning = 'GnupgExportKey';
+			# TODO: pagename is quite random here ...
+			$pagename = 'gnupg_secret';
+		}
+	} else {
+		$error = 'ParameterMissing';
+		$pagename = 'list_select';
+	}
 } elsif ($action eq 'textfiles') {
 	# Edit DIR/text ...
 	if (defined($q->param('list'))) {
@@ -528,7 +541,7 @@ sub set_pagedata4list_gnupg() {
 
 	# retrieve the currently available public keys
 	@gpg_keys = $gpg_list->get_public_keys();
-	for (my $i = 0; $i < $#gpg_keys; $i++) {
+	for (my $i = 0; $i <= $#gpg_keys; $i++) {
 		$pagedata->setValue("Data.List.gnupg_keys.public.$i.id" , $gpg_keys[$i]{id});
 		$pagedata->setValue("Data.List.gnupg_keys.public.$i.email" , $gpg_keys[$i]{email});
 		$pagedata->setValue("Data.List.gnupg_keys.public.$i.name" , $gpg_keys[$i]{name});
@@ -537,7 +550,7 @@ sub set_pagedata4list_gnupg() {
 
 	# retrieve the currently available secret keys
 	@gpg_keys = $gpg_list->get_secret_keys();
-	for (my $i = 0; $i < $#gpg_keys; $i++) {
+	for (my $i = 0; $i <= $#gpg_keys; $i++) {
 		$pagedata->setValue("Data.List.gnupg_keys.secret.$i.id" , $gpg_keys[$i]{id});
 		$pagedata->setValue("Data.List.gnupg_keys.secret.$i.email" , $gpg_keys[$i]{email});
 		$pagedata->setValue("Data.List.gnupg_keys.secret.$i.name" , $gpg_keys[$i]{name});
@@ -887,6 +900,7 @@ sub untaint {
    foreach $i (0 .. $#params) {
       my(@values);
       next if($params[$i] eq 'mailaddressfile');
+      next if($params[$i] eq 'gnupg_key_file');
       foreach $param ($q->param($params[$i])) {
          next if $param eq '';
          if ($param =~ /^([#-\@\w\.\/\[\]\:\n\r\>\< _"']+)$/) {
@@ -958,6 +972,7 @@ sub add_address {
 				$fail_count++;
 			}
 		}
+		# TODO: is CLOSE necessary?
 	}
       
 	# User typed in an address
@@ -1212,7 +1227,137 @@ sub manage_gnupg_keys()
 # manage gnupg keys
 {
 	return (1==0) unless ($GPG_SUPPORT);
-	return (0==0);
+
+	my ($list, $listname, $upload_file);
+
+	$listname = $q->param('list');
+	return (0==1) unless (&is_list_gnupg($listname));
+
+	$list = new Mail::Ezmlm::Gpg("$LIST_DIR/$listname");
+
+	my $subset = $q->param('gnupg_subset');
+	if (defined($q->param('gnupg_key_file'))) {
+		return &gnupg_import_key($list, $q->param('gnupg_key_file'));
+	} elsif (($subset eq 'public') || ($subset eq 'secret')) {
+		return &gnupg_remove_key($list);
+	} elsif ($subset eq 'generate_key') {
+		if (&gnupg_generate_key($list)) {
+			$pagename = 'gnupg_secret';
+			return (0==0);
+		} else {
+			return (0==1);
+		}
+	} else {
+		$error = 'UnknownAction';
+		return (1==0);
+	}
+}
+
+# ------------------------------------------------------------------------
+
+sub gnupg_export_key()
+{
+	my ($listname, $keyid) = @_;
+	my $list = new Mail::Ezmlm::Gpg("$LIST_DIR/$listname");
+	my $key_armor;
+	if ($key_armor = $list->export_key($keyid)) {
+		print "Content-Type: application/pgp\n\n";
+		print $key_armor;
+		return (0==0);
+	} else {
+		return (0==1);
+	}
+}
+
+# ------------------------------------------------------------------------
+
+sub gnupg_import_key()
+{
+	my ($list, $upload_file) = @_;
+	
+	if ($upload_file) {
+		# Sanity check
+		my $fileinfo = $q->uploadInfo($upload_file);
+		my $filetype = $fileinfo->{'Content-Type'};
+		unless($filetype =~ m{^text/}i) {
+			$warning = 'InvalidFileFormat';
+			warn "[ezmlm-web] mime type of uploaded file rejected: $filetype";
+			return (1==0);
+		}
+
+		# Handle key upload
+		my @ascii_key = <$upload_file>;
+		# TODO: filter content?
+		if ($list->import_key(join ('',@ascii_key))) {
+			$success = 'GnupgKeyImport';
+			return (0==0);
+		} else {
+			$error = 'GnupgKeyImport';
+			return (0==1);
+		}
+	} else {
+		$warning = 'GnupgNoKeyFile';
+		return (1==0);
+	}
+}
+
+# ------------------------------------------------------------------------
+
+sub gnupg_generate_key() {
+	my ($list) = @_;
+	my ($key_name, $key_comment, $key_size, $key_expires);
+	$key_name = $q->param('gnupg_keyname');
+	$key_comment = $q->param('gnupg_keycomment');
+	$key_size = $q->param('gnupg_keysize');
+	$key_expires = $q->param('gnupg_keyexpires');
+
+	unless ($key_name) {
+		$warning = 'GnupgNoName';
+		return (0==1);
+	}
+
+	unless ($key_expires =~ m/^[0-9]+[wmy]?$/) {
+		$warning = 'GnupgInvalidExpiration';
+		return (1==0);
+	}
+
+	unless ($key_size =~ m/^[0-9]*$/) {
+		$warning = 'GnupgInvalidKeySize';
+		return (1==0);
+	}
+
+	if ($list->generate_private_key($key_name, $key_comment,
+			&this_listaddress(), $key_size, $key_expires)) {
+		$pagename = 'gnupg_secret';
+		return (0==0);
+	} else {
+		return (0==1);
+		$error = 'GnupgGenerateKey';
+	}
+}
+
+# ------------------------------------------------------------------------
+
+sub gnupg_remove_key() {
+	my ($list) = @_;
+
+	my $removed = 0;
+	my $key_id;
+	my @all_keys = grep /^gnupg_key_[0-9A-F]*$/, $q->param;
+	foreach $key_id (@all_keys) {
+		$key_id =~ /^gnupg_key_([0-9A-F]*)$/;
+		$list->delete_key($1) && $removed++;
+	}
+	
+	if ($removed == 0) {
+		$error = 'GnupgDelKey';
+		return (1==0);
+	} elsif ($#all_keys > $removed) {
+		$warning = 'GnupgDelKey';
+		return (0==0);
+	} else {
+		return (0==0);
+	}
 }
 
 # ------------------------------------------------------------------------

lang/de.hdf

@@ -68,6 +68,7 @@ Lang {
 		DeleteSecretKey	= Private(n) Schlüssel lälschen
 		GnupgImportKey	= Schlüssel importieren
 		GnupgGenerateKey	= Schlüsselpaar erzeugen
+		GnupgExportKey		= exportieren
 	  }
 
 
@@ -78,6 +79,9 @@ Lang {
 		InvalidFileName		= Der Dateiname ist nicht zulässig.
 		UnknownConfigPage	= Diese Konfigurations-Seite existiert nicht!
 		UnknownGnupgPage	= Diese GnuPG-Seite existiert nicht!
+		GnupgKeyImport		= Der Import des Schlüssels schlug fehl!
+		GnupgDelKey			= Das Entfernen des Schlüssels schlug fehl!
+		GnupgGenerateKey	= Das Erzeugen des Schlüssels schlug fehl!
 	  }
 
 
@@ -108,18 +112,26 @@ Lang {
 		RequiresIDX5		= Diese Aktion erfordert ezmlm-idx in der Version 5.0 oder höher.
 		ResetFileIsDefault	= Dieser Textbaustein ist keine angepasste Variante und kann somit nicht zurückgesetzt werden.
 		ResetFile			= Der angepasste Textbaustein konnte nicht entfernt werden.
+		GnupgNoKeyFile		= Es wurde keine Datei zum Hochladen ausgewählt!
+		GnupgDelKey			= Mindestens ein Schlüssel konnte nicht gelöscht werden!
+		GnupgNoKeySelected	= Es wurde kein Schlüssel ausgewählt!
+		GnupgNoName			= Der Name des Schlüssels darf nicht leer sein!
+		GnupgInvalidExpiration	= Das Verfallsdatum is ungültig!
+		GnupgInvalidKeySize	= Die Schlüssellänge ist ungültig!
+		GnupgExportKey		= Fehler beim Exportieren des Schlüssels!
 	  }
 	
 
 	SuccessMessage {
-		AddAddress		= Einschreibung erfolgreich
+		AddAddress	= Einschreibung erfolgreich
 		DeleteAddress	= Austragung erfolgreich abgeschlossen
-		CreateList		= Die neue Liste wurde erfolgreich angelegt.
-		DeleteList		= Die Mailingliste wurde gelöscht.
+		CreateList	= Die neue Liste wurde erfolgreich angelegt.
+		DeleteList	= Die Mailingliste wurde gelöscht.
 		UpdateConfig	= Die neuen Einstellungen wurden erfolgreich gespeichert.
-		UpdateGnupg		= Der Schlüsselring wurde erfolgreich geändert.
-		SaveFile		= Die Datei wurde gespeichert.
-		ResetFile		= Der angepasste Textbaustein wurde entfernt. Zukünftig wird stattdessen der systemweite Standard-Baustein verwendet.
+		UpdateGnupg	= Der Schlüsselring wurde erfolgreich aktualisiert.
+		SaveFile	= Die Datei wurde gespeichert.
+		ResetFile	= Der angepasste Textbaustein wurde entfernt. Zukünftig wird stattdessen der systemweite Standard-Baustein verwendet.
+		GnupgKeyImport	= Der Schlüssel wurde importiert.
 	  }
 
 
@@ -215,7 +227,9 @@ Lang {
 		GnupgImportKey	= Schlüssel aus einer Datei importieren:
 		GnupgKeyName	= Die Bezeichung des Schlüssels
 		GnupgKeyComment	= Ein Kommentar (optional)
-		GnupgKeySize	= Die Länge des Schlüssels
+		GnupgKeySize	= Schlüssellänge (in Bytes)
+		GnupgKeyExpires	= Verfallsdatum (in Jahren)
+		Never			= nie
 	  }
 
 
@@ -236,6 +250,7 @@ Lang {
 		TextFiles	= Das Auswahlfeld beinhaltet die Liste aller verfügbaren Textbausteine im Texte-Verzeichnis der Liste. Diese Textbausteine werden zur Erstellung der automatischen Antworten der Mailingliste benutzt.
 		EditTextFile	= Passe den Textbaustein an die Erfordernisse der Liste an. Eventuell möchtest du dafür auch einige der reservierten Platzhalter verwenden, die am Ende dieser Seite aufgeführt sind.
 		ResetTextFile	= Der Textbaustein wurde spezifisch an diese Liste angepasst. Um stattdessen den vorgegebenen Baustein der eingestellten Sprache zu verwenden, kannst du diesen listenspezifischen Baustein entfernen.
+		GnupgGenerateKey	= Um eine verschlüsselte Mailingliste verwenden zu können, ist es erforderlich, einen Schlüssel für die Liste zu erzeugen (oder zu importieren). Nachdem du das folgende Formular ausgefüllt und abgeschickt hast, wird es (abhängig von der Schlüssellänge) eine Weile dauern, bis der Schlüssel fertig ist. Sei also bitte geduldig.
 	  }
 
 	Legend {

lang/en.hdf

@@ -68,6 +68,7 @@ Lang {
 		DeleteSecretKey	= Delete secret key(s)
 		GnupgImportKey	= Import key
 		GnupgGenerateKey	= Generate key pair
+		GnupgExportKey	= download
 	  }
 
 
@@ -78,6 +79,9 @@ Lang {
 		InvalidFileName		= The name of the file is invalid!
 		UnknownConfigPage	= The chosen config page is invalid!
 		UnknownGnupgPage	= The chosen gnupg page is invalid!
+		GnupgKeyImport		= Failed to import the uploaded key!
+		GnupgDelKey			= Failed to remove the key(s)!
+		GnupgGenerateKey	= Failed generate a new key!
 	  }
 
 
@@ -107,19 +111,27 @@ Lang {
 		InvalidLocalPart	= The local part of the list address is not valid
 		RequiresIDX5		= This action requires ezmlm-idx v5.0 or higher.
 		ResetFileIsDefault	= There is no customized text file, that can be removed.
-		ResetFile			= Removal of custimized text file failed.
+		ResetFile		= Removal of custimized text file failed.
+		GnupgNoKeyFile		= There was no key file selected for upload!
+		GnupgDelKey			= Removal of (at least) one key failed!
+		GnupgNoKeySelected	= There was no key selected to be removed!
+		GnupgNoName			= The name of the key may not be empty!
+		GnupgInvalidExpiration	= The expiration time is invalid!
+		GnupgInvalidKeySize	= The length of the key is invalid!
+		GnupgExportKey		= Export of key failed!
 	  }
 	
 
 	SuccessMessage {
-		AddAddress		= The address was added to the list.
+		AddAddress	= The address was added to the list.
 		DeleteAddress	= The address was removed from the list.
-		CreateList		= The new mailing list was successfully created.
-		DeleteList		= The mailing list was successfully removed.
+		CreateList	= The new mailing list was successfully created.
+		DeleteList	= The mailing list was successfully removed.
 		UpdateConfig	= The mailing list's configuration was successfully changed.
-		UpdateGnupg		= The keyring was successfully changed.
-		SaveFile		= The file was saved.
-		ResetFile		= The customized text file was successfully removed. From now on, the system-wide default text file will be used instead of it.
+		UpdateGnupg	= The keyring has been changed successfully.
+		SaveFile	= The file was saved.
+		ResetFile	= The customized text file was successfully removed. From now on, the system-wide default text file will be used instead of it.
+		GnupgKeyImport	= The key was successfully imported.
 	  }
 
 
@@ -215,7 +227,9 @@ Lang {
 		GnupgImportKey	= Import a new key from a file:
 		GnupgKeyName	= Name of the key
 		GnupgKeyComment	= Comment (optional)
-		GnupgKeySize	= Length of the key
+		GnupgKeySize	= Length of the key (bytes)
+		GnupgKeyExpires	= Expiration time (years)
+		Never			= never
 	  }
 
 
@@ -236,6 +250,7 @@ Lang {
 		TextFiles	= The selection box contains a list of files available in the DIR/text directory. These files are sent out in response to specfic user requests or as part of all outgoing messages. Edit them as necessary.
 		EditTextFile	= Change this text according to your needs. Maybe you would like to use some of the reserved tags, that are described at the bottom of this page.
 		ResetTextFile	= This text file was customized for this list. If you want to use the system-wide default text file of the choosen language instead, you may remove this customized file.
+		GnupgGenerateKey	= Every encrypted mailing list needs a secret key. You can import this key or create it with the form below. After submitting the form, you have to be patient, as it takes some time to create a key.
 	  }
 
 	Legend {

template/config_options/admin_path.cs

@@ -3,5 +3,5 @@
 	<!-- custom path to remote administrators -->
 	<?cs call:setting("9") ?><?cs
 		if:((Data.List.Settings.8.state == 1) && (Data.List.Settings.9.state == 1))
-			?>(<?cs var:Lang.Misc.ModSubOverridesRemote ?>)<?cs /if ?>
+			?>(<?cs var:html_escape(Lang.Misc.ModSubOverridesRemote) ?>)<?cs /if ?>
 <?cs /if ?>

template/config_options/gnupg_keysize.cs

@@ -1,9 +1,9 @@
 <!-- REMOVE --><?cs include:TemplateDir + '/macros.cs' ?>
 <!-- length of the key (bytes) -->
-<select name="setting_gnupg_keysize" size="1" id="setting_gnupg_keysize">
+<label for="gnupg_keysize"><?cs var:html_escape(Lang.Misc.GnupgKeySize) ?>:</label>
+<select name="gnupg_keysize" size="1" id="gnupg_keysize">
 	<option>1024</option>
 	<option selected="selected">2048</option>
 	<option>4096</option>
 </select>
-<label for="setting_gnupg_keysize"><?cs var:Lang.Misc.GnupgKeySize ?></label>
 

template/gnupg_generate_key.cs

@@ -2,17 +2,23 @@
 	<h1><?cs var:html_escape(Lang.Title.GnupgGenerateKey) ?></h1>
 </div>
 
+<div class="introduction">
+	<p><?cs var:html_escape(Lang.Introduction.GnupgGenerateKey) ?></p>
+</div>
+
 <fieldset class="form">
 	<legend><?cs var:html_escape(Lang.Legend.GnupgGenerateKey) ?> </legend>
 
 	<form method="post" action="<?cs call:link("","","","","","") ?>" enctype="application/x-www-form-urlencoded">
+
+		<input type="hidden" name="gnupg_subset" value="generate_key" />
 		
 		<?cs call:show_options(UI.Options.GenerateKey) ?>
 
 		<!-- include default form values -->
 		<?cs include:TemplateDir + '/form_common.cs' ?>
 
-		<input type="hidden" name="action" value="gnupg_generate_key" />
+		<input type="hidden" name="action" value="gnupg_do" />
 		<button type="submit" name="send" value="do"><?cs var:html_escape(Lang.Buttons.GnupgGenerateKey) ?></button>
 	</form>
 

template/gnupg_import.cs

@@ -1,15 +1,13 @@
 <fieldset class="form">
 	<legend><?cs var:html_escape(Lang.Legend.GnupgKeyImport) ?> </legend>
+	<!-- this form has to be "multipart/form-data" to make file upload work -->
 	<form method="post" action="<?cs call:link("","","","","","") ?>"
-		enctype="application/x-www-form-urlencoded">
+		enctype="multipart/form-data">
 
-		<input type="hidden" name="gnupg_subset" value="public" />
+		<input type="hidden" name="gnupg_subset" value="<?cs
+			if:Data.Action == 'gnupg_public' ?>public<?cs
+			else ?>secret<?cs /if ?>" />
 
-		<?cs call:show_options(UI.Options.Keymanagement.Public) ?>
-
-		<td><form method="post" action="<?cs call:link("","","","","","") ?>"
-			enctype="multipart/form-data">
-		<!-- this form has to be "multipart/form-data" to make file upload work -->
 		<input type="hidden" name="list" value="<?cs var:Data.List.Name ?>" />
 
 		<ul>
@@ -23,7 +21,7 @@
 				<!-- include default form values -->
 				<?cs include:TemplateDir + '/form_common.cs' ?>
 
-				<input type="hidden" name="action" value="gnupg_import_key" />
+				<input type="hidden" name="action" value="gnupg_do" />
 				<button type="submit" name="send" value="do"><?cs
 					var:html_escape(Lang.Buttons.GnupgImportKey) ?></button>
 			</li>

template/gnupg_public.cs

@@ -6,7 +6,7 @@
 	<p><?cs var:html_escape(Lang.Introduction.GnupgPublic) ?></p>
 </div>
 
-<?cs include:TemplateDir + '/gnupg_import_form.cs' ?>
+<?cs include:TemplateDir + '/gnupg_import.cs' ?>
 
 <fieldset class="form">
 	<legend><?cs var:html_escape(Lang.Legend.GnupgPublicKeys) ?> </legend>
@@ -17,7 +17,7 @@
 			enctype="application/x-www-form-urlencoded">
 		<input type="hidden" name="gnupg_subset" value="public" />
 
-		<table>
+		<table class="gnupg_keys">
 			<?cs each:key = Data.List.gnupg_keys.public
 				?><tr><td><input type="checkbox" name="gnupg_key_<?cs var:key.id ?>"
 					id="gnupg_key_<?cs var:key.id ?>" /></td>
@@ -27,6 +27,12 @@
 						var:html_escape(key.email) ?></label></td>
 					<td><label for="gnupg_key_<?cs var:key.id ?>"><?cs
 						var:html_escape(key.expires) ?></label></td>
+					<td><a href="<?cs call:link("action", "gnupg_export",
+									"list", Data.List.Name,
+									"gnupg_keyid", key.id) ?>"
+							title="<?cs var:html_escape(Lang.Buttons.GnupgExportKey)
+								?>"><?cs var:html_escape(Lang.Buttons.GnupgExportKey)
+								?></a></td>
 					</tr>
 			<?cs /each ?>
 		</table>

template/gnupg_secret.cs

@@ -6,7 +6,7 @@
 	<p><?cs var:html_escape(Lang.Introduction.GnupgSecret) ?></p>
 </div>
 
-<?cs include:TemplateDir + '/gnupg_import_form.cs' ?>
+<?cs include:TemplateDir + '/gnupg_import.cs' ?>
 
 <fieldset class="form">
 	<legend><?cs var:html_escape(Lang.Legend.GnupgSecretKeys) ?> </legend>
@@ -17,7 +17,7 @@
 			enctype="application/x-www-form-urlencoded">
 		<input type="hidden" name="gnupg_subset" value="secret" />
 
-		<table>
+		<table class="gnupg_keys">
 			<?cs each:key = Data.List.gnupg_keys.secret
 				?><tr><td><input type="checkbox" name="gnupg_key_<?cs var:key.id ?>"
 					id="gnupg_key_<?cs var:key.id ?>" /></td>
@@ -27,6 +27,12 @@
 						var:html_escape(key.email) ?></label></td>
 					<td><label for="gnupg_key_<?cs var:key.id ?>"><?cs
 						var:html_escape(key.expires) ?></label></td>
+					<td><a href="<?cs call:link("action", "gnupg_export",
+									"list", Data.List.Name,
+									"gnupg_keyid", key.id) ?>"
+							title="<?cs var:html_escape(Lang.Buttons.GnupgExportKey)
+								?>"><?cs var:html_escape(Lang.Buttons.GnupgExportKey)
+								?></a></td>
 					</tr>
 			<?cs /each ?>
 		</table>

template/list_delete.cs

@@ -9,7 +9,7 @@
 <fieldset class="form">
 	<legend><?cs var:html_escape(Lang.Legend.ListDelete) ?> </legend>
 
-	<p><?cs var:Lang.Misc.ConfirmDelete ?></p>
+	<p><?cs var:html_escape(Lang.Misc.ConfirmDelete) ?></p>
 	<form method="post" action="<?cs call:link("","","","","","") ?>" enctype="application/x-www-form-urlencoded">
 		<input type="hidden" name="list" value="<?cs var:Data.List.Name ?>" />
 

template/nav.cs

@@ -129,7 +129,7 @@
 					title="<?cs var:html_escape(Lang.Menue.GnupgSecretKeys) ?>"><?cs
 					var:html_escape(Lang.Menue.GnupgSecretKeys) ?></a></li><?cs /if ?>
 			<?cs if:UI.Navigation.Gnupg.GenerateKey == 1
-				?><li><a <?cs if:(Data.Action == "gnupg_generate")
+				?><li><a <?cs if:(Data.Action == "gnupg_generate_key")
 					?> class="nav_active"<?cs /if ?>
 				href="<?cs call:link("list",Data.List.Name,"action","gnupg_ask",
 						"gnupg_subset","generate_key") ?>"

template/ui/gnupg/normal.hdf

@@ -30,6 +30,7 @@ UI	{
 			KeyName		= gnupg_keyname
 			KeyComment	= gnupg_keycomment
 			KeySize		= gnupg_keysize
+			KeyExpiration	= gnupg_keyexpires
 		  }